Port forwarding Cisco 857W + admin page viewable externally
I would like to open UDP port 22335, and TCP port 80 on my local server 10.10.10.50. I've been having a heck of a time getting this to work, as I don't really understand access lists and what is required.. also, for some reason my firewall is open to the outside world on port 443 (you can browse and see the admin access page) I don't recally setting this up!! Can someone help me fix all this? Config is as follows:
Thanks a million guys!
CiscoMan
This is the running config of the router: 10.10.10.1
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname **************
boot-start-marker
boot system flash c850-advsecurityk9-mz.124-15.T15.bin
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 **************
aaa new-model
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
crypto pki trustpoint TP-self-signed-2488767310
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2488767310
revocation-check none
rsakeypair TP-self-signed-2488767310
crypto pki certificate chain TP-self-signed-2488767310
certificate self-signed 01
<cert here>
quit
dot11 syslog
dot11 ssid ***********
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 ******************
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.201 10.10.10.254
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server *********
default-router 10.10.10.1
ip cef
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp router-traffic
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
no ip bootp server
ip domain name yourdomain.com
ip name-server *******
ip name-server *******
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
username ********* privilege 15 secret 5 ************************
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
bridge irb
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
shutdown
interface FastEthernet1
interface FastEthernet2
shutdown
interface FastEthernet3
interface Dot11Radio0
no ip address
encryption vlan 1 mode ciphers aes-ccm
broadcast-key vlan 1 change 30
ssid ********
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
bridge-group 1
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect SDM_MEDIUM out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ******** password 7 ********
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_13##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit udp host ******* eq domain any
access-list 101 permit udp host ******** eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
control-plane
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Hi Bro
As mentioned by jcarvaja above, you’ll need to enable PAT (Port Address Translation) simply because you’ve a single WAN IP Address.
Here are the commands that you should insert;
ip nat inside source static tcp 10.10.10.50 80 interface Dialer0 80
ip nat inside source static udp 10.10.10.50 22335 interface Dialer0 22335
ip nat inside source static udp 10.10.10.50 22336 interface Dialer0 22336
ip nat inside source static udp 10.10.10.50 30175 interface Dialer0 30175
ip nat translation timeout 600
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 600
ip nat translation syn-timeout 600
ip nat translation icmp-timeout 600
Moreover, the reason as to why your Router’s admin page is widely expose to the Internet cloud is simply because you’ve enabled the http services.
Here are the commands that you should insert;
no ip http server
no ip http secure-server
P/S: if you think this comment is useful, please do rate them nicely :-) and click on the button THIS QUESTION IS ANSWERED.
Similar Messages
-
Port forwarding Cisco RV042 / RV042G
Hi,
we use three Cisco RV042 small Business Routers.
The problem:
We want to forward HTTPS on Wan-side to an other port than 443 on Lan-side.
For example: Wan 217.44.55.66 port 443 to 192.168.0.5 port 5001
There is only this option in RV042 : Forwarding -> Service HTTPS [TCP/443~443] to "IP-Adress" (also Port 443)
but we need something like this:
Forwarding -> Service HTTPS [TCP/443~443] to 192.168.0.5:5001
How can I configure it ?
Greetings from Germany
Goetz Hartwig, ITUC GmbHHi Ituconsult1
My name is Mehdi from Cisco Technical Support, yes with RV042 we can translate the port
Please follow this steps:
1. Please remove the rule of the port forwarding
2. Go to Setup under UPnP , service management and you will see external port and internal port so please configure external port to 443 and internal to 5001 and click add, please do not enable UPnP
3. on the same page please choose the service you created and put the internal IP of the server server
Please rate the post or mark it as answered to help other Cisco customers
Greeting
Regards
Mehdi -
Port Forwarding Cisco firewall
Hi,
In Cisco Firewall 2900 seires
trying to use port forwarding
but not communication please help me.
Reg
Manoj.: Saved
: Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014
name 10.10.70.X.40 FinalPdf
name 201.256.x.x Youfinalip
interface Ethernet0/0
nameif YOUB
security-level 0
ip address 201.256.x.x.254.82 255.255.255.248
interface Ethernet0/2
nameif inside
security-level 100
ip address 10.10.70.X.1 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service ftp tcp
port-object eq ftp
port-object eq ftp-data
port-object eq 14147
object-group service any tcp-udp
port-object range 1 65535
object-group service DM_INLINE_TCP_1 tcp
group-object ftp
port-object eq ftp-data
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_access_in extended deny object-group TCPUDP any any eq domain
access-list inside_access_in extended permit ip any any
access-list YOUB_mpc extended permit ip any any
access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
pager lines 24
logging enable
logging emblem
logging asdm-buffer-size 512
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging device-id hostname
logging debug-trace
logging ftp-bufferwrap
logging ftp-server 10.10.70.X.251 firwall/ firwall firwall
logging class auth trap emergencies asdm emergencies
mtu YOUB 1500
mtu SIFY 1500
mtu inside 1500
mtu WAN 1500
mtu management 1500
ip verify reverse-path interface YOUB
ip verify reverse-path interface inside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
asdm location Testpdf 255.255.255.255 inside
asdm history enable
arp timeout 14400
global (YOUB) 1 interface
global (SIFY) 1 interface
nat (inside) 0 access-list EXEMPT
nat (inside) 1 10.10.70.X.0 255.255.255.0 dns
static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
access-group YOUB_access_in in interface YOUB
access-group inside_access_in in interface inside
route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1
route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10
route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1
route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 100
type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB
num-packets 3
frequency 10
sla monitor schedule 100 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
track 1 rtr 100 reachability
telnet timeout 5
ssh scopy enable
ssh 10.10.70.X.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted
class-map YOUB-class
match access-list YOUB_mpc
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
description ftp
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect ftp
class class-default
ips inline fail-open
policy-map YOUB-policy
class YOUB-class
ips inline fail-open sensor vs0
service-policy global_policy global
service-policy YOUB-policy interface YOUB
smtp-server 10.10.70.X.18
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:aace81256bc60bc50469f80cb0c4641a
: end -
Why is my Cisco ER admin page is blank after I place and enter the username and password?
when i enter my username and password in the CER admin login screen my page is blank. Can anyone tell me why? BTW I restarted Cisco Tomcat and my Cisco Emergency Responder will not start.
Version: 10.0.2.10000-11
Yes i did.
the platform page works just fine. It is just when i login with the admin page does not load.I mean it is just a blank white screen.
it should still appear without certificates. I have attached a screen shot -
Port Forwarding Cisco DDR2200 .
Hi. I am really knowledgable in technology but this has me stumped. I have a Cisco DDR2200 modem/router and all I want to do is forward some ports. I sign in and locate the Advanced-IPNetworking-VirtualServers. I then add my two external ports (25565), choose my protocol, and then enter my internal ports (25565). Then as my "server IP" (My local IP) is 192.168.1.70. I enter in all the correct details and select add. The ports just refuse to open no matter how many times I retry this. I have searched and searched on google until I finally had enough and came here.
Thanks in advance.Wrong forum, post in "small business - routers". You can move your post using the actions panel on the right.
-
Cisco UCCX admin page wont display
Hi,
I have setup my CCIE Voice lab at home and running UCCX 7. Everything was working perfectly, but now the appadmin page will not display. Is there a service I need to restart or do I need to reinstall the UCCX.
Thank youHave your restarted the tomcat service?
-
I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well. Port forward configurations performed on the Actiontec are working well.
I installed an L2TP/IPSec VPN server, tested internally and it connected successfully. So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
With the port forwarding in place, I tested VPN externally but it didn't connect.
I've done the following so far to no avail:
Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
There are no other pre-existing L2RP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
There was an L2TP port triggering rule enabled, that I toggled on and off with no change
Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced its an issue with the Verizon Actiontec router. But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this. For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
My router details:
Verizon Actiontec
MI424WR-GEN2
Revision E
Firmware 20.21.0.2
Verizon Actiontec built-in L2TP/IPSec rule templates. They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
Solved!
Go to Solution.normally a vpn on that router, will have a GRE tunneling protocol as well.
two ways to build the PF rules,
Manually
Preconfigured
I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it. -
Port Forwarding - XBOX Live & PS3
Hello BT Forums!
I am having trouble with my BTHomeHub 3, XBOX 360 & PS3. In my household we have both consoles, and we play Call of Duty: Modern Warfare 3 on both.
Now, with the BTHomeHub3 on the "port forwarding" menu I am only allowed to select one either "XBOX Live" OR "PlayStation 3" not both, it just brings up an error saying I can only select one and to change I have to remove the other.
I have my PlayStation 3 set with "PlayStation 3" port forwarding on the admin settings, but this puts the NAT settings on the XBOX to "Strict". Then if I take the port forwarding off the PlayStation 3 and set port forwarding for the XBOX it puts my PlayStation 3 NAT on "Strict". There is no winning!
Is there anyway I can select both, without having to resort to DMZ (makes my connection unstable).
Thanks!Hi dlmatthews and welcome to the forum, i've had the same issue, you can't port forward to both, I just DMZ my PS3 and port forwarded to my another PS3 in the household.
If you want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side If the the reply answers your question then please mark as ’Mark as Accepted Solution -
Port forwarding Airport Extream
Is there a complete manual for the proper setup and configuration of the latest Airport Extream for port forwarding an I.P. Camera for external viewing. If so can someone direct me oar supply an answer. Thanks in advance.
Apple AirPort Extream Version 7.6.1
iMac 27" 2.8 GHz Intel Core 2 Duo
3 GB 800 MHz DDR2 SDRAM
JoseTo successfully access an IP camera on the local network from the Internet, the following basics need to be taken care of:
Install the camera(s) and verify that you can access them from the local network.
Configure port mapping/forwarding on your router. Typically, IP cameras require at least two ports: 1) A web port for administering the camera; Usually TCP port 80, and 2) A streaming port to broadcast the camera video feed; Usually UDP port 9000. Note: You should check with your camera's documentation for the exact ports required.
If the camera is attached to a computer, you will need to configure the computer's firewall to open the same ports as in step 2 above.
Verify that your modem is in bridge mode, i.e., if the modem provides NAT & DHCP services, turn them off.
Test your network. Use CheckIP to determine your router's current WAN-side (public) IP address. Then, from a remote location (not from a computer on the local network), use the DynDNS Open Port Tool to verify that the required ports are open. Success is an "Open" response from the Tool.
The following are general instructions on how to configure the AirPort for port mapping:
AEBSn - Port Mapping Setup
To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
1. Reserve a DHCP-provided IP address for the host device.
AirPort Utility > Select the AEBSn > Manual Setup > Internet > DHCP tab
On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
Description: <enter the desired description of the host device>
Reserve address by: MAC Address
Click Continue.
MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
IPv4 Address: <enter the desired IP address>
Click Done.
2. Setup Port Mapping on the AEBSn.
AirPort Utility > Select the AEBSn > Manual Setup >Advanced > Port Mapping tab
Click the "+" (Add) button
Service: <choose the appropriate service from the Service pop-up menu>
Public UDP Port(s): <enter the appropriate UDP port values>
Public TCP Port(s): <enter the appropriate TCP port values>
Private IP Address: <enter the IP address of the host server>
Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
Click "Continue" -
Port forwarding for external access to VNC server on multiple machines
I will have 10 PCs connected to the WRT54GL wireless AP. I am testing with 1. It has a static addresses 10.155.22.51. It is running a VNC server at port 5951.
If I set my VNC client up to access 10.155.22.51:5951 it works through the WRT54GL wireless AP.
I set the WRT54GL port forwarding to 5951 - 5951, set the IP address to 10.155.22.51 and enable. The external address of the AP is 10.155.0.29 on the company LAN.
So I set the VNC client to access the AP address with the VNC port, i.e. 10.155.0.29:5951. I expect the AP to change the address to 10.155.22.51:5951. This does not work.
Note: the problem could be that the AP is going through NATting because I can also access it at 10.155.22.9 along with all the other PCs on that LAN, i.e. I can access the LAN directly from elsewhere on the company net.You can try changing the IP of the AP manually ... connect it to the Computer ..... access the setup page using http://192.168.1.245 .... use password as admin ....
Configure the IP settings first ...
Again login with new IP address .... configure wireless settings .....
Power down the AP & then the router ....
Wait for few minutes .... then power on the router ...first then the AP ... -
Port Forward in Cisco series 800
Dear Support
below the configuration of Cisco Series 800 Router that Has VDSL port of internet , the configuration as below :
i add three command
what is required in order to make port forward
ip nat inside source static tcp 8000 10.10.10.10 8000 dilar 0
ip nat inside source static tcp 554 10.10.10.10 554 dilar 0
ip access list extended 100
permit ip any any
what is required to make port forward to the local ip address 10.10.10.10 from outside interface that is VDSL port ?
! Last configuration change at 10:47:44 KSA Wed Apr 22 2015 by aamalsup
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
hostname AamalNet
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0
enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/
enable secret 5 $1$plq6$P5HVL/tR81cs0GFDrD.0V/
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
clock timezone KSA 3 0
crypto pki trustpoint TP-self-signed-1682106276
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1682106276
revocation-check none
rsakeypair TP-self-signed-1682106276
crypto pki certificate chain TP-self-signed-1682106276
certificate self-signed 02
30820250 308201B9 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363832 31303632 3736301E 170D3032 30333031 30303038
35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36383231
30363237 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C2F3 49897460 71FEB259 7794B7C6 D398958A 2D338F0F C69F0E75 1137B16C
C261A275 8416DAF6 FC19AA6E 50024019 66CE4DB8 3AFAB6FE CE892B42 86A93490
97259E47 D740B2F4 9AA2D307 7B676841 2CAAA879 D945A6FD 717B507F 77399332
1644CEDE 884BF133 ACFBBC80 9869A104 54CC3EEE 9D521378 EC762D86 C3F0ABC9
CA990203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 18417761 6C416D61 6C792E61 77616C6E 65742E6E 65742E73
61301F06 03551D23 04183016 80149ADD A651C9F9 F8369354 5C904777 090FEB75
72E0301D 0603551D 0E041604 149ADDA6 51C9F9F8 3693545C 90477709 0FEB7572
E0300D06 092A8648 86F70D01 01040500 03818100 50ACCA98 1A5FCCAD FC61D703
A8589B02 AFB8CD47 BD1CC7B0 B095C97F AA0604A8 F8495053 C8A9CBB9 644F5674
318A7AA0 873250AD 1DE28CE2 BE21ED19 BF212CF7 E2A97CFB FFA62F1E 643CEDFE
90D02109 719FD4D3 98E6C40B D61CE89C D2426C1E 3CBD9FBE 397F7F7C F1DD279E
14F8BB2D ABFA784B 6E04274B EDCBFC8F A805E91D
quit
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.11.1
ip dhcp pool lan
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
ip dhcp pool wireless
import all
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
no ip domain lookup
ip domain name aamal.net.sa
ip name-server 212.93.192.4
ip name-server 212.93.192.5
no ipv6 cef
cwmp agent
enable download
enable
session retry limit 10
management server password 7 094D4308151612001D05072F
management server url http://aamalservice.aamal.net.sa:9090
license udi pid C887VA-W-E-K9 sn FCZ17459018
archive
log config
hidekeys
username k privilege 15 password 7 020D
username admin privilege 15 password 7 14161606050A
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group aamalnet
key aamalnet
dns 212.93.192.4 212.93.192.5
include-local-lan
dhcp server 10.10.10.1
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group aamalnet
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec profile SDM_Profile1
set security-association idle-time 60
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
bridge irb
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
interface Ethernet0
no ip address
shutdown
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Vlan2
no ip address
bridge-group 2
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 7 0007145E2E5A05522E1858
no cdp enable
interface BVI2
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 212.93.196.0 0.0.0.255
access-list 23 permit 212.93.192.0 0.0.0.255
access-list 23 permit 212.93.193.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
snmp-server community private RW
snmp-server community public RO
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
privilege interface level 5 encapsulation
privilege interface level 5 description
privilege interface level 5 no encapsulation
privilege interface level 5 no description
privilege interface level 5 no
privilege configure level 5 ip route
privilege configure level 5 interface
privilege configure level 5 controller
privilege configure level 5 ip
privilege exec level 5 copy running-config tftp
privilege exec level 5 copy running-config
privilege exec level 5 copy
privilege exec level 5 write memory
privilege exec level 5 write
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show processes cpu
privilege exec level 5 show processes
privilege exec level 2 show running-config
privilege exec level 5 show configuration
privilege exec level 2 show
privilege exec level 5 clear counters
privilege exec level 5 clear
banner exec
CC
% Password expiration warning.
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
banner login
CC
********STC AamalNet Service****************************************
********Authorize Access Only. For more Support Call 909************
line con 0
privilege level 15
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 2
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 20000 1000
endHello,
Sure.
What version are you running?
Regards, -
Lost ability to connect through port forwarding after cisco guest software install
Using Remote Admin 2.2 software to remote into work computer.
E1000 I installed the cisco guest software on my pc and configured the guest about 2 months ago.
Needed to get into office PC this past weekend and connection fails.
Have a static IP address on router. forward a single port to my office machine within the router.
Get nothing but an error on connection. Router is 2.1.02 build 6Jan 15, 2013.
Log file shows nothing on the incoming log? dynamic ip at home...
Another office worker, on the same internal network, has gotomypc running and port forwarding setup on router and he is still working fine, he can access his pc from home. The only change I have made to router was the cisco connect for guest access.
Is it possible this is stopping my remote admin?
thanks kevinHey kevboac! Make sure that the computer you're using to access the remote computer is connected to the main wireless network and not to the Guest network. Being connected to the Guest network will prevent you from doing File and Printer Sharing, and Remote Access. Hope this helps!
-
WRV200 Port forwarding internal/external
Hi,
Is there any way I can set up a port forwarding with a different tcp port externally than the one internally ? (for example: wan tcp port 8080 -> lan 192.168.1.1 tcp port 80)
Thanks.I have this same issue with the same firmware.
I have UPnP turned on but there is not a screen to configure it like there is on so many other Linksys Routing products.
Is it just a hidden page that we can go to if we typed the url in? -
Cisco 5520 ASA Port Forward to Endian Firewall VPN Question
Hello,
We have had a VPN operational on our Endian Firewall which uses OpenVPN server on port number 1194. We recently purchased a Cisco 5520 ASA to put in front of our Endian Firewall and I am still hoping to use our current Endian Firewall VPN server. So I am thinking the easiest way to make this happen is to port forward all vpn traffic through the ASA to our Endian Firewall to access the VPN. Anyhow, I am just hoping someone with higher knowledge can let me know if this is the best course of action or if there is another easier or more efficient way of doing this?
Thanks for your comments in advance I am new to cisco technology,
JoeWrong forum, post in "Secuirity - Firewalling". You can move your posting with the Actions panel on the right.
-
Cisco ASA 5512, IP NVR port forwarding
Hi,
i have Cisco 5512 ASA with version 8.6(1)2. i have one IP NVR for ip cameras.
please help me how to configure port forwarding in cisco asa in CLI?
I have static IP on ASA 94.56.178. 222 and NVR IP 10.192.192.100
thank you so much.ASA#
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 94.56.178.222 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffa2969000, priority=0, domain=permit, deny=true
hits=11524, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=OUTSIDE, output_ifc=any
Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
please advise
Maybe you are looking for
-
Engineer to Logical Model in SQL Developer EA4 causes problems
I'm working with SQL Developer 3.0 EA4 (Build MAIN-03.97) Unfortunately I fond out, that it would be impossible to use the function " Engineer to Logical Model" any more after I change the relational model. In datamodeler.log I got the error message
-
Dynamic UIElement Generation at Runtime
Hi everybody, My problem is, that I want to create a number of elements at runtime. The number depends on the records in the database. So when I got 30 records in my database. I want to create 30 elements. So far, so good. The connection through the
-
Enhancements or Userexits to change a field in PO
Hello experts, My Requirement is while creating a PO from PR using ME59n (automatic creation) , unloading point (ekpv-ablad) has to be populated with some conditions.Currently i found a BADI ME_PURCHDOC_POSTED and able to make change by calling a
-
I am working on making a small intro piece of the RH8.01 project to serve as a customer onboarding tool. First rev I left the default TOC inplace but selected only those 12 tpoics I want to use. (FYI, I am building some small Cap4 sims to be inserted
-
Itunes plays through computer speakers instead of bluetooth
I have a windows xp PC and i can use bluetooth to play music wirelessly from my computer using a bluetooth adapter from everything except itunes. Is there a setting in itunes that I can change to get my library to play to a wireless speaker? Could my